#!/bin/sh

uci -q batch <<-EOF >/dev/null
	delete firewall.ipsecd
	set firewall.ipsecd=include
	set firewall.ipsecd.type=script
	set firewall.ipsecd.path=/etc/ipsec.include
	set firewall.ipsecd.reload=1
	commit firewall
EOF

uci -q batch <<-EOF >/dev/null
  delete firewall.ike
  add firewall rule
  rename firewall.@rule[-1]="ike"
  set firewall.@rule[-1].name="ike"
  set firewall.@rule[-1].target="ACCEPT"
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="udp"
  set firewall.@rule[-1].dest_port="500"
  delete firewall.ipsec
  add firewall rule
  rename firewall.@rule[-1]="ipsec"
  set firewall.@rule[-1].name="ipsec"
  set firewall.@rule[-1].target="ACCEPT"
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="udp"
  set firewall.@rule[-1].dest_port="4500"
  delete firewall.ah
  add firewall rule
  rename firewall.@rule[-1]="ah"
  set firewall.@rule[-1].name="ah"
  set firewall.@rule[-1].target="ACCEPT"
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="ah"
  delete firewall.esp
  add firewall rule
  rename firewall.@rule[-1]="esp"
  set firewall.@rule[-1].name="esp"
  set firewall.@rule[-1].target="ACCEPT"
  set firewall.@rule[-1].src="wan"
  set firewall.@rule[-1].proto="esp"
  commit firewall
EOF

uci -q batch <<-EOF >/dev/null
	delete ucitrack.@ipsec[-1]
	add ucitrack ipsec
	set ucitrack.@ipsec[-1].init=ipsec
	commit ucitrack
EOF

rm -f /tmp/luci-indexcache
exit 0
